Wireshark-bugs: [Wireshark-bugs] [Bug 11016] New: Buildbot crash output: fuzz-2015-02-27-29473.p

Date: Fri, 27 Feb 2015 03:50:04 +0000
Bug ID 11016
Summary Buildbot crash output: fuzz-2015-02-27-29473.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-02-27-29473.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-02-27-29473.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/104-Bug_361_For_Analysis.cap

Build host information:
Linux wsbb04 3.13.0-45-generic #74-Ubuntu SMP Tue Jan 13 19:36:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.2 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3168
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=618eaecee6ebcc533ffb74c1ea462b60b3899356

Return value:  0

Dissector bug:  0

Valgrind error count:  16



Git commit
commit 618eaecee6ebcc533ffb74c1ea462b60b3899356
Author: Martin Mathieson <[email protected]>
Date:   Wed Feb 25 15:50:49 2015 +0000

    delete_includes.py: add target for ui/qt

    Change-Id: I9dc51fbef50941f04ccf5b0b5a8cd71f3693ade4
    Reviewed-on: https://code.wireshark.org/review/7389
    Reviewed-by: Martin Mathieson <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==29546== Memcheck, a memory error detector
==29546== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==29546== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==29546== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-02-27-29473.pcap
==29546== 
==29546== Invalid read of size 1
==29546==    at 0x4C2E0E2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29546==    by 0x66FF038: ipx_to_str (address_types.c:409)
==29546==    by 0x66FF630: address_to_str (address_types.c:905)
==29546==    by 0x6AFB20B: dissect_ipx (packet-ipx.c:350)
==29546==    by 0x6715273: call_dissector_through_handle (packet.c:614)
==29546==    by 0x6715C44: call_dissector_work (packet.c:700)
==29546==    by 0x671638B: dissector_try_uint_new (packet.c:1132)
==29546==    by 0x67163D6: dissector_try_uint (packet.c:1158)
==29546==    by 0x6B74221: dissect_llc (packet-llc.c:501)
==29546==    by 0x6715273: call_dissector_through_handle (packet.c:614)
==29546==    by 0x6715C44: call_dissector_work (packet.c:700)
==29546==    by 0x67178C1: call_dissector_with_data (packet.c:2386)
==29546==  Address 0x12386e06 is 0 bytes after a block of size 22 alloc'd
==29546==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29546==    by 0x9C2E610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==29546==    by 0x7267F7B: wmem_simple_alloc (wmem_allocator_simple.c:55)
==29546==    by 0x66FF61D: address_to_str (address_types.c:904)
==29546==    by 0x6AFB20B: dissect_ipx (packet-ipx.c:350)
==29546==    by 0x6715273: call_dissector_through_handle (packet.c:614)
==29546==    by 0x6715C44: call_dissector_work (packet.c:700)
==29546==    by 0x671638B: dissector_try_uint_new (packet.c:1132)
==29546==    by 0x67163D6: dissector_try_uint (packet.c:1158)
==29546==    by 0x6B74221: dissect_llc (packet-llc.c:501)
==29546==    by 0x6715273: call_dissector_through_handle (packet.c:614)
==29546==    by 0x6715C44: call_dissector_work (packet.c:700)
==29546== 
==29546== Invalid read of size 1
==29546==    at 0x4C2E0E2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29546==    by 0x66FF038: ipx_to_str (address_types.c:409)
==29546==    by 0x66FF630: address_to_str (address_types.c:905)
==29546==    by 0x6AFB276: dissect_ipx (packet-ipx.c:355)
==29546==    by 0x6715273: call_dissector_through_handle (packet.c:614)
==29546==    by 0x6715C44: call_dissector_work (packet.c:700)
==29546==    by 0x671638B: dissector_try_uint_new (packet.c:1132)
==29546==    by 0x67163D6: dissector_try_uint (packet.c:1158)
==29546==    by 0x6B74221: dissect_llc (packet-llc.c:501)
==29546==    by 0x6715273: call_dissector_through_handle (packet.c:614)
==29546==    by 0x6715C44: call_dissector_work (packet.c:700)
==29546==    by 0x67178C1: call_dissector_with_data (packet.c:2386)
==29546==  Address 0x12386e66 is 0 bytes after a block of size 22 alloc'd
==29546==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29546==    by 0x9C2E610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==29546==    by 0x7267F7B: wmem_simple_alloc (wmem_allocator_simple.c:55)
==29546==    by 0x66FF61D: address_to_str (address_types.c:904)
==29546==    by 0x6AFB276: dissect_ipx (packet-ipx.c:355)
==29546==    by 0x6715273: call_dissector_through_handle (packet.c:614)
==29546==    by 0x6715C44: call_dissector_work (packet.c:700)
==29546==    by 0x671638B: dissector_try_uint_new (packet.c:1132)
==29546==    by 0x67163D6: dissector_try_uint (packet.c:1158)
==29546==    by 0x6B74221: dissect_llc (packet-llc.c:501)
==29546==    by 0x6715273: call_dissector_through_handle (packet.c:614)
==29546==    by 0x6715C44: call_dissector_work (packet.c:700)
==29546== 
==29546== Conditional jump or move depends on uninitialised value(s)
==29546==    at 0x4C2E0E9: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29546==    by 0x66FF038: ipx_to_str (address_types.c:409)
==29546==    by 0x6703F0C: col_set_addr.isra.6.part.7 (column-utils.c:1848)
==29546==    by 0x67062CA: col_fill_in (column-utils.c:2069)
==29546==    by 0x412F45: print_packet (tshark.c:3987)
==29546==    by 0x413A5A: process_packet (tshark.c:3636)
==29546==    by 0x40C8B9: main (tshark.c:3383)
==29546== 
==29546== Conditional jump or move depends on uninitialised value(s)
==29546==    at 0x4C2E0E9: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29546==    by 0x66FF038: ipx_to_str (address_types.c:409)
==29546==    by 0x6703F0C: col_set_addr.isra.6.part.7 (column-utils.c:1848)
==29546==    by 0x6706482: col_fill_in (column-utils.c:1839)
==29546==    by 0x412F45: print_packet (tshark.c:3987)
==29546==    by 0x413A5A: process_packet (tshark.c:3636)
==29546==    by 0x40C8B9: main (tshark.c:3383)
==29546== 
==29546== 
==29546== HEAP SUMMARY:
==29546==     in use at exit: 1,359,353 bytes in 33,884 blocks
==29546==   total heap usage: 254,402 allocs, 220,518 frees, 31,357,407 bytes allocated
==29546== 
==29546== LEAK SUMMARY:
==29546==    definitely lost: 4,238 bytes in 173 blocks
==29546==    indirectly lost: 36,968 bytes in 51 blocks
==29546==      possibly lost: 0 bytes in 0 blocks
==29546==    still reachable: 1,318,147 bytes in 33,660 blocks
==29546==         suppressed: 0 bytes in 0 blocks
==29546== Rerun with --leak-check=full to see details of leaked memory
==29546== 
==29546== For counts of detected and suppressed errors, rerun with: -v
==29546== Use --track-origins=yes to see where uninitialised values come from
==29546== ERROR SUMMARY: 16 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

